CVE-2014-0157

OpenStack Horizon <2013.2.4, icehouse-rc2 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66706
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/04/08/8
Vendor Advisory x_refsource_confirm
https://launchpad.net/bugs/1289033
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html

Scores

EPSS 0.0026
EPSS Percentile 49.9%

Details

CWE
CWE-79
Status published
Products (6)
openstack/horizon 2013.2
openstack/horizon 2013.2.1
openstack/horizon 2013.2.2
openstack/horizon 2013.2.3
opensuse/opensuse 13.1
pypi/horizon 2013.2 - 2013.2.4PyPI
Published Apr 15, 2014
Tracked Since Feb 18, 2026